Hi, I would like to report a Cross Site Scripting vulnerability in the latest release.
Description:
Cross-site scripting (XSS) vulnerability in the articleDetails() function in app/main/views.py and at line 70 of app/templates/_article_comments.html.
Steps To Reproduce:
1. Select an article details page, like: http://122.152.231.228:8080/article-detials/4
2. Find an article comment or create a new comment.
3. Reply to the comment, with the nickname set to an XSS payload, like: , then submit.
4. Click the reply button to trigger the payload. Using this vulnerability, I can steal admin cookies and more.
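The report describes a stored XSS where the nickname attached to a comment reply reaches the rendered HTML unescaped. The following is an added example, not code from the reported project: it contrasts the vulnerable rendering pattern with an escaped one using only the Python standard library, and includes a small check a reviewer could run over rendered output. The template fragment, the field names and the sample reply are constructed assumptions; the project's actual line 70 is not shown in the report, so the exact cause there (for example a `|safe` filter or `Markup()` wrapper disabling Jinja2 autoescaping) is not asserted here.

```python
import html
import re

# Constructed sample reply (not taken from the report): the nickname carries markup.
SAMPLE_REPLY = {"nickname": "<script>alert(1)</script>", "body": "nice article"}


def render_reply_unsafe(reply):
    """Vulnerable pattern: user-controlled fields are concatenated straight into HTML.

    This mirrors what the report describes (nickname rendered without escaping);
    the surrounding markup is a hypothetical stand-in for the real template line.
    """
    return (
        '<div class="reply">Reply to <span class="nick">'
        f'{reply["nickname"]}</span>: {reply["body"]}</div>'
    )


def render_reply_safe(reply):
    """Hardened pattern: every user-controlled field is HTML-escaped before insertion.

    quote=True also escapes ' and " so the value stays inert inside attributes too.
    """
    nick = html.escape(reply["nickname"], quote=True)
    body = html.escape(reply["body"], quote=True)
    return (
        '<div class="reply">Reply to <span class="nick">'
        f"{nick}</span>: {body}</div>"
    )


# Detection helper: a raw <script tag in output built from user data means escaping failed.
SCRIPT_TAG_RE = re.compile(r"<\s*script\b", re.IGNORECASE)


def has_script_tag(rendered_html):
    """Return True if the rendered HTML still contains an unescaped <script> opening tag."""
    return SCRIPT_TAG_RE.search(rendered_html) is not None


if __name__ == "__main__":
    unsafe = render_reply_unsafe(SAMPLE_REPLY)
    safe = render_reply_safe(SAMPLE_REPLY)
    print("unsafe:", unsafe, "| script tag present:", has_script_tag(unsafe))
    print("safe:  ", safe, "| script tag present:", has_script_tag(safe))
```

In a Flask application, templates ending in `.html` are autoescaped by Jinja2, so the escaped output above is what `{{ reply.nickname }}` produces by default; the vulnerable form corresponds to marking the value safe or building the HTML by hand, as in `render_reply_unsafe`. The `has_script_tag` check is deliberately narrow and is meant as a regression assertion in tests, not as a sanitizer.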
Author: jin.dong@dbappsecurity.com.cn